The money is back - sort of. Linux investment activity slowed down
markedly after the stock market decline in April, and it has been slow to
recover. This week's events, however, show that things are beginning to
happen again:

Leading the pack is Sun's purchase of Cobalt Networks in a deal
valued at about $2 billion. With this move, Sun will have
finally dragged itself into the Linux business realm - assuming the
company does not redesign Cobalt's products into SPARC/Solaris
systems.
More information can be found in Sun's press release on the purchase.

EBIZ is getting $3 million from Caldera Systems. Deciphering
the press
release can be a little hard, but one sees therein that EBIZ is
not getting cash from Caldera; instead, Caldera's "Electronic Linux
Marketplace" division is being transferred to EBIZ, where it will be
called "partnerAxis." This division will be "a web-based B2B entity
providing knowledge exchange, Linux product sales, advertising,
membership and channel development." That clears things right
up.

Caldera CEO Ransom Love will also be joining the EBIZ board of
directors.

The NewsFactor Network has bought 66% of osOpinion, a site
which often runs Linux-related columns. The value of this deal,
according to the
announcement, is $500,000.

MontaVista Software brought in a good chunk of cash for its
operations. The company started by announcing
an (unspecified) equity investment from Intel; it then followed up
with this
announcement of $23 million in investments from WR Hambrecht
and others. All together, that should be enough to keep the company
going for a while.

Even Corel got a new investment which allows it to sell up to
almost 15 million shares of its stock to an unspecified investor.
It is, however, subject to a condition that could be hard for Corel:
"...there having occurred no adverse effect on the company's
business, prospects or financial condition."

It would appear that the business community believes that the Linux stock
slide has bottomed out. The investors are coming back - but hopefully with
more realistic expectations this time.

Debian and free software project organization. Most Linux users are
aware of the Debian distribution and
its status as the most popular noncommercial distribution around. The
distribution itself offers a massive set of packages, a self-updating
capability (for some years now), and a high degree of stability. It is
growing in popularity, despite its high-profile, venture and IPO-funded
competition. Just as interesting as the distribution, however, is the
complex organization that makes it possible.

Because Debian is arguably the most organized of all free software
projects. Kernel development looks like a benevolent dictator floating
serenely above a screaming bazaar of hackers loudly trying to get their
patches noticed and accepted. Apache is an anarchic, but calmer group of
people quietly implementing the features they need. Debian, instead,
resembles an established constitutional democracy, complete with elections
and a civil bureaucracy.

The founding document, perhaps, of the Debian Project is the social contract. It
provides the philosophical underpinnings of the project, including the
commitment to free software and to not hide problems. A much more
legalistic foundation, however, is the Debian Constitution.
This document describes how the project functions and makes decisions.

For example, it defines the office of the Project Leader, which is
currently held by Wichert Akkerman. It's not a particularly powerful
office, however; Debian folks prefer to make their decisions in a more
distributed way. The constitution also defines and empowers the Technical
Committee (currently Ian Jackson, Manoj Srivastava, Dale Scheetz, Guy Maor,
Klee Dienes, and Raul Miller). The Committee can "decide any matter of
technical policy," resolve disputes among developers, and, with a suitably
strong vote, require a developer to make a change that he or she would
otherwise be unwilling to do.

That last power is seldom exercised; Debian developers normally have
absolute power over the packages they maintain. As long as they stay
within the policy guidelines and fix bugs, what they say goes.

Debian does, however, have quite a few policy guidelines. The Developer's
Reference spells out in great detail how Debian developers interact
with the project and each other. Therein one can find out the process for
becoming a recognized developer, the procedure for going on vacation, how
to upload new packages, the conditions under which one developer can update
another developer's packages, how to deal with bug reports, and, of course,
how to retire from the project.

All Debian developers also use a public key encryption system to sign any
packages they upload. That way the project knows that each package it has
came from a recognized developer.

A completely different set of guidelines can be found in the Debian Policy Manual.
This document contains the set of technical policies that make Debian a
functioning, consistent system. It tells how to allocate user and group
IDs, spells out the MIME support policy, defines interpretations of keys on
the keyboard, lays out the proper uses of symbolic links, gives the
accepted way of accessing mailboxes, tells how to use environment
variables, and more. All Debian packages are expected to adhere to these
policies.

On top of all that is a complicated structure of committees and positions
within the Debian organization, including the Release Manager, the CD
Production Team, the Spam Fighting Team, and more. See this organization
listing for the full set.

To the Lone Hacker who is holed up in his basement writing the Great
American Compiler, all of the above may be a bit scary. Where is the fun
of working on free software if you have a whole book full of rules that you
have to follow? But the nature and scale of Debian make this organization
necessary. Debian has several hundred active developers worldwide, and
thousands of packages. Such a project could easily collapse under its own
weight given the chance.

Debian is far from collapse; it is, instead, supremely healthy. Its
distribution is consistent, functional, and highly stable, despite being
made up of thousands of pieces assembled by people who have often never met
each other. Nobody worries about what will happen if Wichert Akkerman
decides his future lies in timeshare condominium sales - the project's
structure and policies would continue to function as before. Debian's
organization makes the project robust.

The project has not been without its glitches - distributions have come out
late, new maintainers were excluded for a long period, and so on. But, in
the end, Debian's organizational effort has worked.

As free software continues to grow, we will certainly see many development
projects on a new, larger scale. The desktop projects are an example of
where things are going. Others will be formed to attempt tasks that are
hard to even image now. Debian has shown one way of making projects on
this scale work. It is a most interesting social institution, with much to
teach us all.

NAT has been a feature of Linux networking for years - though the Linux
world has generally referred to it as "masquerading." Essentially the
feature allows the hiding of a network of systems behind a single
gateway. All outgoing connections appear to come from the gateway itself
- the systems behind it are invisible. They are also, normally,
unreachable from the outside; this feature means that a box running
NAT/masquerading can often serve as a simple and highly effective
firewall.

It is the firewalling ("security") feature of NAT that Cisco claims a
patent for. The claims in the patent text describe the basic NAT
algorithm, then add features like dropping inbound TCP packets that do
not correspond to an existing TCP connection. Passing through FTP data
connections and certain types of ICMP packets are also claimed as
patented features. These are all things that the Linux implementation
does.

If Cisco decides to get obnoxious - and there is no evidence of that at
this time - this could be the first serious patent issue to reach deeply
into the Linux kernel. The basic NAT implementation in Linux predates
the patent application, and thus qualifies easily as prior art. But some
of the fancier filtering features may not. The possibility of a patent
challenge reaching deeply into the Linux kernel exists. This one is
worth keeping an eye on.

:CueCat, one more time. We'll stop talking about the :CueCat affair
soon, we promise. But this episode just keeps on bringing up interesting
issues. Consider this
article in SecurityFocus, which quotes Digital Convergence VP David
Mathews:

Digital Convergence was aghast. "If people take over our cat and
start using their own databases, the world becomes cloudy," says
Mathews. "Our revenue model is being the gate keeper between codes
and their destinations online."

The company's revenue model may depend on being the gate keeper, but free
software's model depends, instead, on freedom. We're not much interested
in gate keepers who seek to maintain their position on the basis of (still
unspecified) intellectual property claims. Freedom makes things hard for
those who prefer a carefully controlled population. Expect to see a lot
more fights like this one.